Chapter 2

Question 1

The Concept of System Security

Answer 1

A secure system must deliver its intended behaviours and outcomes while avoiding unintended ones that may lead to unacceptable asset loss.

Question 2

User Intent

Answer 2

User intent refers to the system delivering behavious and outcomes expected by the user, which is a key aspect of security.

Question 3

Design Intent

Answer 3

Design intent implies that the system should meet the behaviours and outcomes defined in its design, which is another key aspect of security.

Question 4

Primary Security Goal

Answer 4

The primary security goal is to ensure that the only intended behaviours and outcomes take place within and through the system. Every security requirement stems from this objective.

Question 5

Mediated Access

Answer 5

Mediated access means controlling access by enforcing constraints and following non-conflicting rules, a fundamental principle in trustworthy secure design.

Question 6

Security Policies

Answer 6

Security policies define the scope of control, bounds for application, and rules governing the behaviour and outcomes of subjects, objects, and operations. They are derived from various sources.

Question 7

Trustworthiness and Security Policies

Answer 7

Trustworthiness depends on the accuracy, consistency, compatibility, and completeness of security policy rules. Inconsistencies or gaps can lead to vulnerabilities.

Question 8

Adequately Secure System

Answer 8

An adequately secure system possesses resilience to adversity, behaviour and outcome control, and rule-based access control.

Question 9

Resilience to Adversity

Answer 9

Resilience to adversity implies that a secure system can deliver its intended capabilities even when facing deliberate or accidental adversities.

Question 10

Rule-Based Access Control

Answer 10

Rule-based access control involves enforcing rules to permit authorised human-to-machine and machine-to-machine interactions while ensuring behaviour and outcome control.

Question 11

Determining Adequate Security

Answer 11

Adequate security depends on evidence-based assessments that optimise security while considering performance objectives and constraints. It is context-dependent and subjective.

Question 12

As Secure as Reasonable Practicable (ASARP)

Answer 12

Being ASARP means increasing security further would result in disproportionate costs, schedule delays, or unacceptable compromises

Question 13

Protective Failure

Answer 13

Protective failure involves detaching form an insecure state or impending transition to one and taking responsive actions to prevent further failures.

Question 14

Protective Recovery

Answer 14

Protective recovery focuses on transitioning from an insecure state to a secure state or a less insecure one while preventing further state transitions.

Question 15

Characteristics of Systems

Answer 15

The security and trustworthiness of systems are influenced by various characteristics, interactions with other systems, and their roles within a system of systems.

Question 16

Criticality of a System

Answer 16

The level of importance or criticality of a system within its context can influence the rigor and extent of security measures.

Question 17

Ramifications of System Failure

Answer 17

Understanding the consequences of a system’s failure is essential in shaping security requirements.

Question 18

Approach to System Acquisition

Answer 18

How a system is acquired, whether developed, bought, or reused, affects the security strategies and considerations.

Question 19

Value and Sensitivity of Assets

Answer 19

The value, sensitivity, and criticality of assets entrusted to and used by the system directly relate to security requirements.

Question 20

Concept of Assets

Answer 20

Assets are valuable items or entities, categorised as tangible (physical) and intangible (non-physical)

Question 21

Valuation of Assets

Answer 21

Valuing an asset is crucial for making decisions about investing in its protection, but varying stakeholder perspectives may need to be reconciled.

Question 22

The Concepts of Loss and Loss Control

Answer 22

Loss refers to the experience of an asset being taken away or destroyed. Loss control objectives guide decisions on loss prevention and mitigation to protect asset characteristics.

Question 22

Addressing Loss

Answer 22

Addressing loss involves the implementation of protective measures to ensure that only authorised and intended behaviours and outcomes occur within the system

Question 23

Structured Reasoning about Asset Loss

Answer 23

A structured approach to reasoning about asset loss involves elements like the context of loss, significance of loss, confidence in addressing loss, cause of loss, and addressing loss.

Question 23

Evidence-Based Assurance

Answer 23

Demonstrating confidence in addressing loss relies on evidence that is well-documented and evolves as the system develops. Assurance cases show how system features and capabilities create a solid evidence base.

Question 23

Systems Security Engineering

Answer 23

Systems security engineering is a specialised branch of systems engineering that takes a holistic approach to ensure the success of secure systems throughout their entire lifecycle, considering various aspects like risk assessment, cost-benefit analysis, and transdisciplinary approaches.

Question 23

Required Capability vs Protection Capability

Answer 23

When demonstrating adequate security, one must consider both the required capability (what the system is designed to do) and the protection capability (security features).

Question 23

Limits of Certainty

Answer 23

Being aware of potential errors, gaps, or inconsistencies in requirements is crucial when demonstrating adequate security, as it’s impossible to guarantee the absence of all loss due to uncertainty.